Case sensitivity in Kerberos principal names.

Andrew Bartlett abartlet at
Fri Mar 10 07:53:52 GMT 2006

On Fri, 2006-03-10 at 01:42 -0600, Christopher R. Hertel wrote:
> Andrew Bartlett wrote:
> :
> >>The problem seems to be the case of the principal.  The Celerra goes
> >>against the grain by sending principal names in the form NAME at realm (that
> >>is, UPPER at lower).  The Windows KDC will "canonicalize" the name changing it
> >>to name at REALM (that is, lower at UPPER).
> > 
> > A well known behaviour.
> Which, the behavior of the Windows KDC or the odd choice of capitalization
> from the server?

The windows KDC behaviour.

> > I'll assert that it would be far, far easier for one commercial NAS
> > device to check AD for the correct case than for all the Linux and Apple
> > MAC clients in the world to change behaviour. 
> My feelings as well, but I need to convince the vendor that it is worth
> doing.

They live in a windows only world I presume?  :-)

We can't fix what clients are out there.  I would have thought that this
is an easy fix, compared to the customer pain, but clearly they don't
feel that...

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list